802.1x inaccessible authentication bypass

prashantphirke
Level 1

I have a 2960 switch on which dot1x is configured. It is also configured for AAA authentication. When a user tries to connect to the local network, the user is authenticated by a RADIUS server and is allowed onto the network.

Now I want all critical users to get connected to the network even if the RADIUS server is not reachable.

Hence, I have configured the 802.1x "inaccessible authentication bypass" feature as per the Cisco configuration guide.

But still, whenever I unplug the RADIUS server and try to connect the user to the network, dot1x asks for the username and password and does not allow the network connection.

I have even tried using RADIUS as the first auth method and the local database as the second auth method. But still no success.

Has anybody experienced this problem?

2 Replies

sachinraja
Level 9

Hello Prashant

Can you post the port configurations here? Have you configured the critical port, RADIUS parameters, etc., and does the switch recognize that the RADIUS server is down?

I think this is more to do with the design of the entire dot1x authentication. I have tried this in labs and have had a tough time generating these scenarios. We would hardly be able to justify this feature on the network. I think it is highly advisable to have dual RADIUS servers (or even more than 2), and configure the switches with standby RADIUS servers. I really wouldn't want my network enabled with 802.1x and having issues contacting the RADIUS server. Even though we have options and solutions to overcome it, I wouldn't want too many complications on the 802.1x front.

Hope this helps. All the best. Rate replies if found useful.

Raj
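The three items the reply above asks about (critical port, RADIUS parameters, and whether the switch has marked the server dead), as an added configuration sketch that is not from the thread or from either poster. It assumes the legacy `dot1x critical` syntax of 12.2SE-era Catalyst 2960 images (command availability varies by release); every address, key, VLAN, interface and username is a placeholder.

```cisco
! --- Added example: all addresses, keys, VLANs and names are placeholders ---
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! RADIUS parameters: two servers, each probed with a test user so the
! switch learns server state without waiting for a real client to fail.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 test username PROBE-USER idle-time 1 key PLACEHOLDER-KEY
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813 test username PROBE-USER idle-time 1 key PLACEHOLDER-KEY
!
! Dead detection: a server is marked dead after 5 s without a response
! and 3 failed tries, and is skipped for 10 minutes before being retried.
! The critical port only takes effect once ALL configured servers are dead.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 10
!
! Optional: send EAPOL-Success to the supplicant when the port goes
! critical, so the client stops prompting for credentials.
dot1x critical eapol
dot1x critical recovery delay 1000
!
! Critical port: authorize into a restricted VLAN while servers are dead,
! and force re-authentication when a server comes back.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 dot1x pae authenticator
 dot1x port-control auto
 dot1x critical vlan 999
 dot1x critical recovery action reinitialize
!
! Verification (exec mode), run after disconnecting the RADIUS server:
!   show aaa servers                           <- each server should show state DEAD
!   show dot1x interface FastEthernet0/1 details
```

VLAN 999 here stands for a segment with tightly limited reachability, since any device plugged into a critical port is admitted without authentication while the servers are marked dead.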

roberto brito
Level 1

Did you resolve this issue?